The newly released Workspace ONE Access 20.01 includes some exciting changes and improvements to the Connector architecture, as well as many new features and enhancements. A series of videos give you a peek behind the scenes for insight into these new changes.
The overview video introduces you to the new architecture of the 20.01 Connector, explains new features and enhancements, and provides you with the understanding you need to choose the appropriate migration option.
In Workspace ONE Access 20.01, the Connector was re-architected. This means that to upgrade, you must perform a migration instead of a simple in-place upgrade. But before you start migrating, you must determine whether or not you are using virtual applications. That is because the Workspace ONE Access 20.01 connector does not yet support Virtual Apps such as Citrix, Horizon, Horizon Cloud, and ThinApp integrations. If your environment includes Virtual Apps or you plan to use Virtual Apps in the future, you should continue using Connector version 19.03 for the time being. If you are not, you can go ahead and migrate.
If your use case meets the criteria for migration, the next couple of videos demonstrate your options:
This video demonstrates the migration process from Connector version 19.03 to version 20.01.
In Workspace ONE Access 20.01, the Windows service has been deprecated, requiring you to use a Linux-based service. The following video demonstrates the process for migrating an on-premises Workspace ONE Access Service from Windows to a Linux-based Service:
For more information about the migration options, see VMware Workspace ONE Access Documentation.
In addition to changes in upgrades and migrations, VMware Workspace ONE Access also includes a variety of new features and enhancements.
One of the key benefits of the new Connector architecture is the ability to install connector components individually. Instead of a single connector service, the Connector now contains components that are each a separate service: Directory Sync, User Authentication, and Kerberos Authentication. The three services perform different tasks, which results in highly optimized code. You can install all or a sub-set of these services on a single Windows machine, which provides much greater flexibility.
- Directory Sync Service: This service is responsible for synchronizing users from Active Directory or LDAP directories to the Workspace ONE Access service. Operations have now been optimized and are faster and more robust than ever. It is no longer necessary to join the machine running the directory sync to the domain.
- User Authentication Service: This service is responsible for handling most of the Connector authentication methods, and supports Password, RSA SecurID, and RADIUS deployments. With the new release, user authentication services operate in outbound only mode, which means end users never communicate directly with the Connector.
- Kerberos Authentication Services: This service is responsible for providing Kerberos authentication for internal users, which requires users to communicate directly with the Connector. This service uses regular mode, as well as the Identity Provider type WorkspaceIDP.
The settings from individual connectors have now been moved into the service itself, leaving each Connector stateless, and making it much easier to scale up and down. The Connector services are also modular, which simplifies the configuration.
Note: The new Connector architecture does not contain feature parity with older versions, but older Connector versions are continuing to be supported.
New Catalog for On Prem
In previous versions, the Hub Services catalog was available only on Workspace ONE Access Hosted. This is now no longer the case. Version 20.01 includes the Hub Services catalog, and the on-premises deployment supports the Intelligent Hub application, as well. This results in an improved end-user experience with the same look and feel as Workspace ONE Access Hosted, and supports both the Intelligence HUB client and the Workspace ONE App.
Improved Administration Interface
The admin interface has been simplified and updated, and the Virtual Appliance configuration has been moved to the Systems Diagnostic Dashboard. The Connector authentication settings can now be found in a central location under the Enterprise Authentication Methods tab. And the manual sync operation has been enhanced so you now have the option to perform a sync either with or without safeguards.
Okta Universal Directory Support
Native support for Okta Universal Directory has now been added to Workspace ONE Access Hosted. In addition, you now have no need for the Workspace ONE Active Directory sync service, or the AirWatch Cloud Connector. If Okta is part of your environment, you can just implement the Okta Universal Directory Agent to provision users into Okta, Workspace ONE Access, and UEM.
You can get more details about these and other changes in VMware Workspace ONE Access Release Notes 20.01.